Many services are provided remotely by telephone or through an internet connection. Additionally, the services may relate to confidential information. There is a need to ensure that a user accessing the confidential information is authorized to access that information. That is, it is necessary to have a procedure in place to prevent or reduce fraud occurring through an unauthorized user being able to access the confidential information.
An example of a service offering remote access to confidential information is online banking—that is, offering and using banking services over an internet connection. An online banking service provides the advantage that a user does not have to be present in a bank branch to carry out an operation involving a bank account associated with the user. However, to implement it has been necessary to develop methods by which a user attempting to utilise the service can be authenticated. For example, in a typical online banking service, authentication comprises a user providing a password or other authentication information known only to an authorized user. However, accessing an online banking service via an internet connection suffer from inherent security issues. For example, a third party may be able to obtain secure information through phishing, hacking or other illicit means. Additionally, the level of technical competence differs between users which can allow further vulnerabilities. For example, a user who is not confident with information technology may not be used to suitably securing their private data.
In view of these problems, additional authentication methods have been provided in existing remote access services. One such authentication method involves authenticating a user through some apparatus or object possessed by the user. For example, a bank may provide a user with a “card reader” as an authentication apparatus. However, disadvantageously, this requires the user to have access to the card reader to access the service, limiting the ability of the user to access the service when travelling and causing user friction by inconveniencing a user.
Biometric authentication systems involve the identification of humans by their characteristic traits. Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Examples include, but are not limited to fingerprint and face recognition. These characteristics are typically detected using a biometric scanning apparatus, for instance a microphone for detecting vocal patterns or other characteristics. In this way, voice prints corresponding to a detected vocal pattern may be produced which can be used in speaker recognition. Speaker recognition is the identification of a person who is speaking by characteristics of their voice, and is also known as voice recognition. Traditional methods of producing and using voice prints for speaker recognition include frequency estimation, hidden Markov models and pattern matching algorithms and will be well known to the appropriately skilled person.